diff --git a/files/image_config/sudoers/sudoers b/files/image_config/sudoers/sudoers
index 317ace3bf99f..952a2313bad2 100644
--- a/files/image_config/sudoers/sudoers
+++ b/files/image_config/sudoers/sudoers
@@ -31,12 +31,17 @@ Cmnd_Alias READ_ONLY_CMDS = /usr/bin/decode-syseeprom, \
 /bin/cat /var/log/syslog, \
 /usr/bin/tail -f /var/log/syslog
+Cmnd_Alias PASSWD_CMDS = /usr/bin/config tacacs passkey *, \
+ /usr/sbin/chpasswd *
+
 # User privilege specification
 root ALL=(ALL:ALL) ALL
 # Allow members of group sudo to execute any command
 %sudo ALL=(ALL:ALL) NOPASSWD: ALL
+# Prevent password related command into syslog
+Defaults!PASSWD_CMDS !syslog
 # See sudoers(5) for more information on "#include" directives:
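Review bot: `Defaults!PASSWD_CMDS !syslog` suppresses the whole sudo log record for these commands (who ran them and when), not just the secret argument. With `%sudo ALL=(ALL:ALL) NOPASSWD: ALL` a few lines above, password and TACACS+ key changes therefore leave no sudo trace in syslog. chpasswd takes its user:password pairs on standard input rather than as arguments, so listing `/usr/sbin/chpasswd *` appears to protect no secret while hiding password-change events. I would narrow the alias to `Cmnd_Alias PASSWD_CMDS = /usr/bin/config tacacs passkey *` unless a caller really passes credentials as chpasswd arguments. The comment should also state the trade-off, e.g. `# Keep the TACACS+ passkey argument out of syslog; this also drops the sudo audit record for these commands`. Separately, the passkey is still visible as a process argument while the command runs, and `!syslog` does not affect any other sudo log destination that may be configured outside this hunk.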